82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
Size

2.7MB
MD5

3629d759ad64e2c772f315ee5d384b6a
SHA1

601035c98de3b73708871b7f61001c84f569d6c1
SHA256

82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da
SHA512

62d98bd06fedbf346f6b919ffa3c41b702fda2a4233aa99c9c7975008fc9599b5bb172a7de9a4b8a9619d498e707808ec0d643a47f41d6fa4d4c6e638a819cb6
SSDEEP

49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBC9w4Sx:+R0pI/IQlUoMPdmpSpw4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1368	xoptisys.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\FilesBW\\xoptisys.exe"	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZJQ\\dobxec.exe"	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
1368	xoptisys.exe
1368	xoptisys.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 1368	4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe	86
PID 4120 wrote to memory of 1368	4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe	86
PID 4120 wrote to memory of 1368	4120	82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe	86

C:\Users\Admin\AppData\Local\Temp\82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe
"C:\Users\Admin\AppData\Local\Temp\82ed9c64097b1c079d828a4f9202325fdb1f717909945ceb435b6636e9b654da.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4120
- C:\FilesBW\xoptisys.exe
  C:\FilesBW\xoptisys.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\FilesBW\xoptisys.exe

Filesize
2.7MB

MD5
a3a52d259493a24f26939e818226defa

SHA1
6957ac1d1463f3fae45b595bbf471668b49b925a

SHA256
523e408cff5b3131b8f42f179ffd64022001d7fbe99c59c4f9a5de62ee72b937

SHA512
1b4ce5c8177b94d3a1ec73e9f41f660e1b01565a84392cb826954acc047fe59875b13c027006d4b66778a7e7f3167e9a3efac313e2e0e60d6eb2f70945106ac1

Download Submit
C:\LabZJQ\dobxec.exe

Filesize
2.7MB

MD5
7d3508a4ad923c93f889a4f19515ecd1

SHA1
1dc98abcf2db2af222be7104f17a8f6ae2166f68

SHA256
dcb1df1457b4a6f3ec6f66b0c3387d73fe2415fb156bea73fa41a7881b514af9

SHA512
423e4c43811329e9d3641a19701c6c9553303f251bb7f2f8e7233e1bcd2cf6c9118ccbf5e2e771b5f7b2eaa99efbcd04e543f31531500a82f52029e3614bb3b9

Download Submit
C:\Users\Admin\253086396416_10.0_Admin.ini

Filesize
202B

MD5
0e021b2d5fae0af048d47b53aed8f24b

SHA1
ada80f09bdeb99c08feaac2c124a62d710443e56

SHA256
5a1dd37cd457171e05a13334a390811d2cf05679f9ffd8c09efe070c6e4bb5a8

SHA512
1149a3ad46d9e6a61a512caf3d25e15bd9204e8d6cee8638c703b8e114c2fa819be7d46ca39ee7c4444d3197ef0d1963e4be47342cf7a596c7519884208b9a11

Download Submit